Is there a way to reach the internet from inside a docker container?

My containers have to reach some URLs in order to work...

My containers are:

$ docker ps
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS                    NAMES
457c79c831b6        rancher/k3s:v1.17.0-k3s.1   "/bin/k3s agent"         15 hours ago        Up 10 minutes                                k3d-k3s-default-worker-1
b9b39e82a6b2        rancher/k3s:v1.17.0-k3s.1   "/bin/k3s agent"         15 hours ago        Up 10 minutes                                k3d-k3s-default-worker-0
fb795905ec64        rancher/k3s:v1.17.0-k3s.1   "/bin/k3s server --h…"   15 hours ago        Up 10 minutes       0.0.0.0:6443->6443/tcp   k3d-k3s-default-server

As you can see, they are running rancher/k3s:--- images.

I've taken a look at the logs:

E0205 08:07:07.844781 6 kuberuntime_manager.go:729] createPodSandbox for pod "vault-helm-1580888075-agent-injector-b7647bf59-vght5_default(7210fa15-5ba4-4c61-9e2c-2bce05cd3bc0)" failed: rpc error: code desc = failed to get sandbox image "docker.io/rancher/pause:3.1": failed to pull image "docker.io/rancher/pause:3.1": failed to pull and unpack image "docker.io/rancher/pause:3.1": failed to resolve reference "docker.io/rancher/pause:3.1": failed to do request: Head https://registry-1.docker.io/v2/rancher/pause/manifests/3.1: dial tcp: lookup registry-1.docker.io: Try again

It seems it's not able to reach the registry-1.docker.io repository.

However, I'm able to pull images from my host:

$ docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
bdbbaa22dec6: Pull complete 
Digest: sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest

My host works behind a corporate proxy:

$ cat /etc/systemd/system/docker.service.d/proxy.conf
[Service]
Environment="HTTP_PROXY=http://10.49.0.1:8080/"
Environment="HTTPS_PROXY=http://10.49.0.1:8080/"
Environment="NO_PROXY="localhost,127.0.0.1,::1"

Also, I've tried to test whether the container is able to reach the proxy IP:

$ docker exec -it 457c79c831b6 sh
/ # ping 10.49.0.1
PING 10.49.0.1 (10.49.0.1): 56 data bytes
<no response>

EDIT

/etc/resolv.conf content:

cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0

EDIT 2

Network-related checks of the k3d master container node:

$ docker inspect k3d-k3s-default-server | grep -i networks -A10
    "NetworkSettings": {
        "Bridge": "",
        "SandboxID": "57705be8c175394ac122b95f070321dbe48d4c7b7752482391fc243562babb75",
        "HairpinMode": false,
        "LinkLocalIPv6Address": "",
        "LinkLocalIPv6PrefixLen": 0,
        "Ports": {
            "6443/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "6443"
--
        "Networks": {
            "k3d-k3s-default": {
                "IPAMConfig": null,
                "Links": null,
                "Aliases": [
                    "k3d-k3s-default-server",
                    "fb795905ec64"
                ],
                "NetworkID": "337e73b268477428e97798665dd8013fd1e17d2003e33dcce694ab78f7f8b4bb",
                "EndpointID": "a35a783664dff4d68d199c6e23cd6d2c5a7cd0eac7a5f4b1691d524befe4ec01",
                "Gateway": "172.18.0.1",

EDIT 3

$ docker network inspect k3d-k3s-default
[
    {
        "Name": "k3d-k3s-default",
        "Id": "337e73b268477428e97798665dd8013fd1e17d2003e33dcce694ab78f7f8b4bb",
        "Created": "2020-02-04T17:40:01.13490488+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "457c79c831b6a76ae9b78cf360ae437eed04b18bd18429ac2e8436801ba0f4f7": {
                "Name": "k3d-k3s-default-worker-1",
                "EndpointID": "af38a2ecd618cf31df3dd4c88dea58ddc54de621e580934eb308105835f549d1",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            },
            "b9b39e82a6b2ef0863cbc8ed9f09cabbbcf8618fc14a2877feac9218b6803575": {
                "Name": "k3d-k3s-default-worker-0",
                "EndpointID": "87aacc1963289bca9097586cfc28fa17c7a98ee7716d5918a4c83143c35c8b00",
                "MacAddress": "02:42:ac:12:00:04",
                "IPv4Address": "172.18.0.4/16",
                "IPv6Address": ""
            },
            "fb795905ec64f99aac5ed1ad654d3e44a73e702327d15a91e4f60df4e5d03724": {
                "Name": "k3d-k3s-default-server",
                "EndpointID": "a35a783664dff4d68d199c6e23cd6d2c5a7cd0eac7a5f4b1691d524befe4ec01",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "app": "k3d",
            "cluster": "k3s-default"
        }
    }
]